Cannot install malwarebytes


I cannot install the latest version of Malwarebytes 1.70. I tried running the setup and get the following error, which pops up 6 times at the very end of the installation: "CoCreateInstance failed; code 0x80040154. Class not registered." Then when it finishes and tries to run Malwarebytes it says "Run time error '372.' Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe may be outdated. Make sure you are using the version of this control that was provided with the application."

Any help with this? Thanks

.

============== Running Processes ================

.

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot

mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe

mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{C5D0F081-380F-4021-99D1-795B709BBACD} : DHCPNameServer = 192.168.1.1

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? COMMONFX;COMMONFX

R? CT20XUT.SYS;CT20XUT.SYS

R? CT20XUT;CT20XUT

R? CTAUDFX.SYS;CTAUDFX.SYS

R? CTAUDFX;CTAUDFX

R? CTEAPSFX.SYS;CTEAPSFX.SYS

R? CTEAPSFX;CTEAPSFX

R? CTEDSPFX.SYS;CTEDSPFX.SYS

R? CTEDSPFX;CTEDSPFX

R? CTEDSPIO;CTEDSPIO

R? CTEDSPSY;CTEDSPSY

R? CTERFXFX.SYS;CTERFXFX.SYS

R? CTERFXFX;CTERFXFX

R? CTEXFIFX.SYS;CTEXFIFX.SYS

R? CTEXFIFX;CTEXFIFX

R? CTHWIUT.SYS;CTHWIUT.SYS

R? CTHWIUT;CTHWIUT

R? CTSBLFX.SYS;CTSBLFX.SYS

R? CTSBLFX;CTSBLFX

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? AsUpIO;AsUpIO

S? aswFsBlk;aswFsBlk

S? aswFW;avast! TDI Firewall driver

S? aswKbd;aswKbd

S? aswNdis;avast! Firewall NDIS Filter Service

S? aswNdis2;avast! Firewall Core Firewall Service

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? avast! Firewall;avast! Firewall

S? COMMONFX.SYS;COMMONFX.SYS

S? CTEDSPIO.SYS;CTEDSPIO.SYS

S? CTEDSPSY.SYS;CTEDSPSY.SYS

S? MBAMSwissArmy;MBAMSwissArmy

S? MotoHelper;MotoHelper Service

.

=============== File Associations ===============

.

ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"

.

=============== Created Last 30 ================

.

2013-01-12 22:52:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-12 22:52:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-12 22:39:38 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2013-01-12 22:38:12 -------- d-----w- c:\documents and settings\jason\application data\QuickScan

2013-01-12 22:37:46 -------- d-s---w- c:\documents and settings\jason\IECompatCache

2013-01-12 21:53:34 -------- d--h--w- c:\windows\PIF

2013-01-12 20:14:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec

2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51:58 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-10-30 23:51:56 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-10-30 23:51:56 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr

.

============= FINISH: 18:20:19.87 ===============

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

AIM 7

AMD Processor Driver

Apple Application Support

Apple Software Update

ASUSUpdate

avast! Internet Security

CCleaner

Download Updater (AOL LLC)

Dual-Core Optimizer

E-MU Audio Drivers

E-muPatchMix DSP

ERUNT 1.1j

Google Chrome

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Logitech QuickCam Software

Logitech® Camera Driver

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.4.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicnotes Software Suite 1.7.0

NVIDIA Control Panel 295.73

NVIDIA Drivers

NVIDIA Graphics Driver 295.73

NVIDIA Install Application

NVIDIA nView 136.18

NVIDIA nView Desktop Manager

NVIDIA Update 1.7.11

NVIDIA Update Components

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Yahoo! Messenger

Yahoo! Software Update

.

==== End Of File ===========================

Hello Jason,

Is this the same system as Cannot open exe files?

The topmost section of this log-set is missing. Make sure in future to COPY ALL lines. Please do not do any editing.

Please delete the previous copy of DDS that you had.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
  • Link 3
  • Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 4

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 5

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 6

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Do NOT turn off the firewall.
  • Start Internet Explorer.
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button.
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer.
  • It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 7

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 8

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.

Yes this is related to the .exe file post but I figured the problem went away. When I saw that I couldn't install latest version of malwarebytes I figured that something still seems to be wrong. Top part of DDS that I was missing was this:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Jason at 18:19:59 on 2013-01-12

Also when I tried to install ERUNT I got the same error I got in the other installations "Cocreate instance failed; code 0x80040154". Does this matter or should I still continue all of the steps until the end?

Hi,

I disabled my Avast Internet Security, but when I got to Step 4 I wasn't able to go any further. As I tried to run RSIT.exe I got an error stating:

"AutoIT Error Line 8055 (C:\documents and settings\Jason\desktop\RSIT.exe) Error: Variable used without being declared."

So I cannot post any logs for that. Should I continue going on this?

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2013 04:46:36 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\CTHELPER.EXE (PID: 748) [WD-HEUR]

* C:\WINDOWS\system32\LVCOMSX.EXE (PID: 776) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/13/2013 04:47:14 PM

Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Internet Security

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

````````Process Check: objlist.exe by Laurent````````

system32 AvastSvc.exe -?-

system32 AvastUI.exe -?-

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Jason [Admin rights]

Mode : Scan -- Date : 01/13/2013 22:36:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] d1987b2cca300e618102e168802274f0

[bSP] ca9b1000797f7a27af4471da4ae228af : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_01132013_02d2236.txt >>

RKreport[1]_S_01132013_02d2236.txt

I still cannot run Malwarebytes even though it says it's installed. I'm still seeing:

Run-time error '372.'

Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with the application.

Please have patience, and only make posts on the forum in "this thread".

Your system appears to have complicating factors, preventing the proper installation of MBAM, starting with it not having some Windows services set properly.

Just please follow my guidance and have patience.

If you started some programs, or have open work documents, Save any open work-files and close the programs.

This next procedure will involve a reboot/restart.

Windows services

This will be a batch-run.

  • Press the Windows-key +R key on keyboard to get RUN menu.
  • In the RUN box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo on
    rem Core services back to automatic start ("nsi" exists only on Vista and later)
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= auto
    rem sc.exe spells manual start "demand"
    sc config bits start= demand
    sc config msiserver start= demand
    sc config sens start= auto
    sc config eventlog start= auto
    sc start sens
    sc start eventlog
    sc start bits
    sc config wuauserv start= auto
    sc config vss start= demand
    rem Restart Windows, then remove this batch file
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the Filename box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Double click Fix.bat on your desktop to start the batch run in a Command prompt window.

This procedure will do its tasks and then it will Restart Windows.

NEXT:

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

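A way to confirm, after the reboot, that the start types requested by Fix.bat actually took effect. This is an added example, not part of the helper's post: the file name Verify.bat and the [OK]/[DIFF]/[SKIP] labels are made up here, and the expected values assume that the services Fix.bat sets to manual should read back as DEMAND_START, which is how sc reports manual start.

```batch
@echo off
rem Verify.bat - added example, not part of the original Fix.bat.
rem Reads back each service's configured start type with "sc qc" and
rem compares it with the value Fix.bat was meant to set.
setlocal
set "BAD=0"

rem Services Fix.bat sets to automatic start
call :check dcomlaunch AUTO_START
call :check nsi        AUTO_START
call :check dhcp       AUTO_START
call :check rpcss      AUTO_START
call :check winmgmt    AUTO_START
call :check wscsvc     AUTO_START
call :check sens       AUTO_START
call :check eventlog   AUTO_START
call :check wuauserv   AUTO_START

rem Services Fix.bat sets to manual start (sc reports this as DEMAND_START)
call :check bits       DEMAND_START
call :check msiserver  DEMAND_START
call :check vss        DEMAND_START

echo.
if "%BAD%"=="0" (
  echo All services that could be queried match the expected start type.
) else (
  echo %BAD% service entries differ from the expected start type.
)
endlocal & exit /b %BAD%

:check
rem %1 = service name, %2 = expected START_TYPE keyword from "sc qc"
set "ACTUAL="
rem The START_TYPE line looks like "START_TYPE : 2   AUTO_START";
rem the fourth whitespace-separated token is the keyword.
for /f "tokens=4" %%T in ('sc qc %1 2^>nul ^| findstr /c:"START_TYPE"') do set "ACTUAL=%%T"
if not defined ACTUAL (
  echo [SKIP] %1 could not be queried; it may not exist on this Windows version
  goto :eof
)
if /i "%ACTUAL%"=="%2" (
  echo [ OK ] %1 is %ACTUAL%
) else (
  echo [DIFF] %1 is %ACTUAL%, expected %2
  set /a BAD+=1
)
goto :eof
```

On Windows XP the nsi entry is reported as [SKIP], because that service only exists on Vista and later.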

Farbar Service Scanner Version: 16-01-2013

Ran by Jason (administrator) on 15-01-2013 at 21:40:11

Running from "C:\Documents and Settings\Jason\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswFW(9) aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)

0x09000000050000000100000002000000030000000400000009000000080000000600000007000000

IpSec Tag value is correct.

**** End of log ****


The FSS report is good.

Do this next

Step 1

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.

Step 2

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer; please allow it to do so. This is very important.

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

Re-enable the anti-virus application that you turned off before.


The Junkware removal tool is good since it looks like it repaired and removed a few things that nothing else picked up.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.3 (01.15.2013:1)

OS: Microsoft Windows XP x86

Ran by Jason on Wed 01/16/2013 at 22:24:18.39

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/16/2013 at 22:30:09.20

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I just went through the setup for malwarebytes and unfortunately I get the same exact errors as before "CoCreateInstance failed; code 0x80040154. Class not registered." pops up 5 times at the end and then the "run-time error 372. Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application." when I try to open malwarebytes.

Any other ideas?


Let's put aside the attempt to install MBAM.

Do the following:

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.


ComboFix 13-01-17.03 - Jason 01/17/2013 20:32:22.1.2 - x86

Running from: c:\documents and settings\Jason\Desktop\Combo-Fix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\regedit.com

.

.

((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))

.

.

2013-01-12 22:30 . 2013-01-13 21:41 -------- d-----w- c:\program files\ERUNT

2013-01-12 21:53 . 2013-01-12 21:53 -------- d--h--w- c:\windows\PIF

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2008-04-14 12:00 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-10-30 23:51 . 2011-08-07 20:45 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 23:51 . 2011-08-07 20:45 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51 . 2011-08-07 20:45 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 23:51 . 2011-08-07 20:45 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-30 23:51 . 2011-08-07 20:45 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2012-10-30 23:51 . 2011-08-07 20:45 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-30 23:51 . 2011-08-07 20:45 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-30 23:51 . 2012-02-25 15:47 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-10-30 23:51 . 2011-08-07 20:45 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 23:51 . 2011-08-07 20:45 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys

2012-10-30 23:51 . 2011-08-07 20:45 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-30 23:51 . 2011-08-07 20:45 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 23:50 . 2011-08-07 20:45 227648 ----a-w- c:\windows\system32\aswBoot.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2008-03-20 31232]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]

"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"CTHelper"="CTHELPER.EXE" [2008-03-20 23040]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-03-20 23552]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]

R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]

R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [x]

R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [x]

R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [x]

R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [x]

R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [x]

R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [x]

R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]

R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]

R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]

S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]

S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [x]

S3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 01:28]

.

2013-01-18 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 23:50]

.

2013-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-220523388-1801674531-1003Core.job

- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-07 20:39]

.

2013-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-220523388-1801674531-1003UA.job

- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-07 20:39]

.

2012-12-31 c:\windows\Tasks\MotoHelper MUM.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2013-01-17 c:\windows\Tasks\MotoHelper Routing.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

2012-12-31 c:\windows\Tasks\MotoHelper Update.job

- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-17 20:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2013-01-17 20:37:37

ComboFix-quarantined-files.txt 2013-01-18 01:37

.

Pre-Run: 289,124,982,784 bytes free

Post-Run: 289,311,776,768 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 50A89E82AB533367D0CFAE2C28F0171C


Hello Jason,

I'd like to have you run XP System File Checker.

Make sure you are logged in with a login-account that has administrator rights.

From Start menu, select Command prompt (or from RUN menu, type

CMD

press <enter-key>)

and then type in the command-prompt window

SFC / SCANNOW

and press OK or ENTER to start it. NOTE: there is one space before and after the forward slash.

That would get System File Checker running, and recheck your versions of Windows system files

You may refer to these MS articles

Description of Windows XP and Windows Server 2003 System File Checker (Sfc.exe)

Description of the Windows File Protection feature

Step 2

download VEW by Vino Rosso and save it to your desktop >> from here << .

Double click on VEW.exe to start the program.

In the Select log to query section, check (tick):

  • Application
  • System

In the Select type to list section, check:

  • Critical (not XP)
  • Error
  • Information
  • Warning

In the Number or date of events section, check:

Number of events... then enter 20 in the entry box beside it.

Press the Run button.

A Notepad report will open when done, please Copy >Paste the contents of this report.

It is located at %systemdrive%\VEW.txt, usually C:\VEW.txt.


Did you successfully complete the SFC run? Please advise.

Try just 1 time: Turn off your Antivirus program, and then give 1 try for the VEW procedure.

Then, Next:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Double click the OTL icon (for Vista or Windows 7, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Weird. When I try to run OTL I get an error that OTL has encountered a problem and needs to close. : AppName: otl.exe AppVer: 3.2.69.0 ModName: kernel32.dll

ModVer: 5.1.2600.6293 Offset: 00012fd3.

What else to try?



Security Check can run:

Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Internet Security

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

````````Process Check: objlist.exe by Laurent````````

system32 AvastSvc.exe -?-

system32 AvastUI.exe -?-

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````
